{"id":58636,"date":"2025-05-10T14:02:08","date_gmt":"2025-05-10T14:02:08","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/"},"modified":"2025-05-10T14:02:08","modified_gmt":"2025-05-10T14:02:08","slug":"feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/","title":{"rendered":"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants"},"content":{"rendered":"<p>Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US Department of Justice unsealed indictments against four foreign nationals accused of running a long-running proxy-for-hire network that exploited outdated routers to funnel criminal traffic.<\/p>\n<p>In a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.ic3.gov\/CSA\/2025\/250507.pdf\">FLASH bulletin<\/a> [PDF] on Wednesday, the FBI warned that aging routers from Linksys, Ericsson, and Cisco, commonly found in homes and small businesses, were being actively targeted by cybercriminals.<\/p>\n<p>These devices, long past their update window, were compromised and made available for sale as part of a criminal proxy network marketed through the 5socks and Anyproxy domains. The botnet provided anonymity to malicious users and enabled a range of cybercrime, including distributed denial of service (DDoS) attacks, according to federal investigators and security researchers.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Here are the dusty old routers you need to watch out for:<\/p>\n<ul>\n<li>Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550 and WRT320N, WRT310N, WRT610N kit<\/li>\n<li>The Ericsson Cradlepoint E100 router<\/li>\n<li>The Cisco Valet M10<\/li>\n<\/ul>\n<p>A DoJ <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.justice.gov\/usao-ndok\/pr\/botnet-dismantled-international-operation-russian-and-kazakhstani-administrators\">indictment<\/a> issued on Friday offered more details on how the botnets allegedly operated. The operators charged between $9.95 and $110 per month for access to what they claimed were over 7,000 residential proxies, the indictment claims. Prosecutors believe the scheme pulled in more than $46 million, with the website boasting it had been &#8220;Working since 2004!&#8221;<\/p>\n<p>Not anymore, since the domain running the attacks has been seized in what the Feds are calling Operation Moonlander.<\/p>\n<div class=\"CaptionedImage Border width_85\" readability=\"7\"><a href=\"https:\/\/regmedia.co.uk\/2025\/05\/09\/moonlander.jpg\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2025\/05\/09\/moonlander.jpg?x=648&amp;y=405&amp;infer_y=1\" alt=\"moonlander takeover screen\" title=\"moonlander\" height=\"405\" width=\"648\"><\/a><\/p>\n<p class=\"text_center\">You&#8217;ve been pwned- Click to enlarge<\/p>\n<\/div>\n<p>A <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250507\">separate FBI PSA<\/a> issued Wednesday described a wave of router infections using TheMoon malware, consistent with the timing of the domain seizure takedown. TheMoon, first identified in 2014, is notorious for infecting routers via open ports and vulnerable scripts. In March 2024, it <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.tanium.com\/blog\/tycoon-phishing-as-a-service-and-themoon-malware-cyber-threat-intelligence-roundup\/\">compromised<\/a> over 6,000 Asus routers in under 72 hours as part of a proxy-building campaign.<\/p>\n<p>&#8220;TheMoon does not require a password to infect routers; it scans for open ports and sends a command to a vulnerable script,&#8221; the FBI PSA explains. &#8220;The malware contacts the command and control (C2) server and the C2 server responds with instructions, which may include instructing the infected machine to scan for other vulnerable routers to spread the infection and expand the network.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Three Russian nationals &#8211; Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich Morozov, 41, Aleksandr Aleksandrovich Shishkin, 36 &#8211; and a Kazakhstani associate Dmitriy Rubtsov, 38 &#8211; were named in the Friday indictment. Chertkov and Rubtsov were also charged with providing false registration information when signing up the domains used to operate the proxy services.<\/p>\n<p>The indictments are a result of a combined operation between European and US law enforcement, as well as with support from Lumen&#8217;s Black Lotus Labs. The operators exploited outdated routers and maintained a relatively low operational footprint &#8211; despite advertising access to thousands of proxies &#8211; to avoid detection.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;The botnet operators claim that they maintain a daily population of over 7,000 proxies. Based on Black Lotus Labs\u2019 telemetry, we can see an average of about 1,000 weekly active proxies in over 80 countries, however we believe their true bot population is less than advertised to potential users,&#8221; the security shop <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/blog.lumen.com\/black-lotus-labs-helps-demolish-major-criminal-proxy-network\/\">said<\/a>. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2025\/05\/10\/router_botnet_crashed\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The FBI also issued a list of end-of-life routers you need to replace Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US Department of Justice unsealed indictments against four foreign nationals accused of running a long-running proxy-for-hire network that exploited outdated routers to funnel criminal traffic.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-58636","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-10T14:02:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants\",\"datePublished\":\"2025-05-10T14:02:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/\"},\"wordCount\":533,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/\",\"name\":\"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2025-05-10T14:02:08+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/","og_locale":"en_US","og_type":"article","og_title":"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2025-05-10T14:02:08+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants","datePublished":"2025-05-10T14:02:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/"},"wordCount":533,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/","url":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/","name":"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2025-05-10T14:02:08+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aB9hN2lfO3S1CmmyO11JcwAAAsU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/feds-disrupt-proxy-for-hire-botnet-indict-four-alleged-net-miscreants\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=58636"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58636\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=58636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=58636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=58636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}